The Ongoing Effects of Intel CPU Flaws
The Ongoing Effects of Intel CPU Flaws
Over the last year, we’ve seen many Intel CPU hardware flaws come to light and when news first broke about Meltdown & Spectre there was a lot of panic: "should we patch?", "What’s the performance impact?", "Can we still rely on this hardware?"
Learn more about Meltdown & Spectre:
Since then, there have been multiple research teams that have uncovered other practical ways to make the CPU leak secrets that it really shouldn’t. While these flaws are hard to exploit in practice, I do recommend you consult your security advisor before taking any decisions based on performance research we’ve done as we focus on performance, not security... What’s interesting to see is that with L1TF and the latest Intel MDS problems my typical customer does not seem to care that much anymore. “What are we going to do about it?” is something I regularly hear.
- The number of people that have patched, but don’t know what the impact is
- The number of people where the impact on their environment was +10%
Especially around the latter, I don’t typically encounter a lot of VDI environments that have +10% spare capacity just laying around. Having said that, you might not have to enable all mitigations or even disable hyperthreading, but you are not always in control. For many organizations VDI is just one part of their ecosystem and “somebody else” is managing the hypervisor/storage, or you might be in somebody else’s data center (cloud!) altogether.
What’s interesting to note that these problems are not only impacting Windows via regular windows update but also your hypervisor, storage systems and likely even some of your application backends. Its therefore extremely hard to assume these numbers are also valid for your environment and testing in your own environment is therefore advised. When running a typical VDI environment on-prem I recommend starting out with Login VSI for capacity planning & load testing, or otherwise if you are in the cloud you could also consider using Login PI to spot when the cloud provider has done the update (they are likely only going to tell you after the fact, making sure not to expose themselves to 0-day leaks).
So, what are the most important variables when it comes to calculating the performance impact of Intel MDS?
- CPU Architecture
- Operating system version
- Hypervisor version
- Applications (CPU, or IO intense)
- Type of storage e.g. all-flash, hybrid or HDD
The typical bottleneck for most of my customers is CPU, and while a large part of that is consumed by the operating system, most performance problems they report however come from applications. It’s therefore important you use either Login VSI or Login PI to validate the outcomes of patching in your own environment to stay out of trouble.
Without knowing exactly what your environment looks like and based on testing we’ve done over the last 1.5 years. Often together with vendors that release these patches to you, these are the predicted loss in scalability numbers. Again, there are many variables, these tests were conducted on our Cisco HyperFlex system with Broadwell CPU’s and full flash storage and Windows 10 virtual machines. If you are still running your VDI’s on traditional storage systems take special note, because these patches don’t just impact the CPU, something many people overlook.
One of the important things I’ve learned over the last year is that keeping the performance of your VDI environment great is not a one-time action. Ideally, you consider performance tests as a standard part of your change management process where only if a change is good for performance it can pass through the organization.
I highly recommend you read our articles on Change Management and register for our next webinar: Change Management – How VDI testing helps to protect business continuity.
VDI Like a Pro data also shows that the average IT-Admin is spending an ever-increasing time per month on performance problems, so if you want to stay ahead: Test! It’s that simple.
To show you what that means in real life, here’s a snapshot of monitoring data with random selections from multiple days received from a customer that decided to upgrade and patch for Intel MDS on the morning of the 21st. Not only was their scalability severely impacted, the logon times nearly doubled. Needless to say, nobody wants this to happen in their environment.
Where can I find more information?
Or watch a recap of all this information in our latest webinar on Intel MDS patches:
You can learn more about this webinar HERE.
Start using Login VSI today
Our industry-standard software is built to help you avoid problems, lower costs and improve performance. Request a Quote or get your free Trial below, and benefit from our award-winning services.
About the company Login VSI
The company Login VSI provides end-user performance insights for virtualized desktop and server-based computing environments. Enterprise IT departments use flagship product Login VSI (for load testing) and Login PI (for continuity testing) in all phases of their virtual desktop deployment—from planning to deployment to change management—to build and safeguard a good performance, a high availability, and (as a result) a good and consistent end-user experience. For more information about Login VSI or for a free test license contact us.